CrewAI Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in CrewAI, a tool for building and managing multi-agent AI systems. This vulnerability allows attackers to access content from internal and cloud services. The issue arises because the RAG search tools in CrewAI do not properly validate URLs provided at runtime. The vulnerability is present in CrewAI versions with the Code Interpreter Tool enabled, either by default or through manual addition by the developer.

Impact

Exploitation of this vulnerability allows for unauthorized access to internal and cloud services, potentially leading to further exploitation of the system or application.

Remediation

Users are advised to remove or restrict the Code Interpreter Tool wherever possible, avoid enabling the 'allow_code_execution' setting unless necessary, and monitor Docker availability to prevent fallback to insecure sandbox modes.
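The root cause stated above is that runtime-supplied URLs reach the RAG search tools without validation. As an added example (this is not CrewAI's code and not the fix the project shipped), the following check shows the kind of validation an outbound-fetch tool needs before it requests a URL on behalf of an agent: only http/https are accepted, the host is resolved, and any URL whose host points at loopback, private, link-local (which includes cloud instance metadata ranges), multicast or otherwise non-public addresses is rejected. The function names, the stub resolver and its entries are constructed for the example.

```python
import ipaddress
import socket
from typing import Callable, List, Union
from urllib.parse import urlsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
# A resolver maps a hostname to the list of IP address strings it resolves to.
Resolver = Callable[[str], List[str]]

ALLOWED_SCHEMES = {"http", "https"}


def system_resolver(host: str) -> List[str]:
    """Resolve with the OS resolver; used when no stub resolver is supplied."""
    infos = socket.getaddrinfo(host, None)
    return sorted({info[4][0] for info in infos})


def is_internal(addr: IPAddress) -> bool:
    """True for any address a fetch-on-behalf-of-an-agent tool must never contact."""
    # IPv4-mapped IPv6 literals (::ffff:10.0.0.1) are unwrapped so the IPv4 ranges apply.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (
        not addr.is_global          # RFC 1918, CGNAT, ULA, documentation ranges, ...
        or addr.is_loopback
        or addr.is_link_local       # covers 169.254.0.0/16, where metadata services live
        or addr.is_multicast
        or addr.is_unspecified
        or addr.is_reserved
    )


def check_outbound_url(url: str, resolver: Resolver = system_resolver) -> str:
    """Return the URL unchanged if it is safe to fetch, else raise ValueError.

    Every address the host resolves to must be public: checking only the first
    record would let a host with mixed public/private records through.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials embedded in the URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")

    try:
        addresses: List[IPAddress] = [ipaddress.ip_address(host)]   # IP literal
    except ValueError:
        try:
            addresses = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError) as exc:
            raise ValueError(f"could not resolve {host!r}: {exc}") from exc
        if not addresses:
            raise ValueError(f"no addresses for {host!r}")

    for addr in addresses:
        if is_internal(addr):
            raise ValueError(f"{host!r} resolves to non-public address {addr}")
    return url


def is_safe_url(url: str, resolver: Resolver = system_resolver) -> bool:
    """Boolean wrapper around check_outbound_url for use as a tool-input filter."""
    try:
        check_outbound_url(url, resolver)
        return True
    except ValueError:
        return False


# Constructed DNS data so the example runs offline; none of this is real infrastructure.
STUB_DNS = {
    "docs.example":     ["93.184.216.34"],
    "localhost":        ["127.0.0.1"],
    "intranet.example": ["10.1.2.3"],
    "mixed.example":    ["93.184.216.34", "192.168.0.5"],   # one public, one private record
}


def stub_resolver(host: str) -> List[str]:
    if host not in STUB_DNS:
        raise socket.gaierror(f"constructed stub cannot resolve {host!r}")
    return STUB_DNS[host]


if __name__ == "__main__":
    for candidate in ["https://docs.example/page", "http://intranet.example/",
                      "http://169.254.169.254/", "http://[::ffff:10.0.0.1]/",
                      "file:///tmp/notes.txt", "http://mixed.example/"]:
        print(f"{candidate:40} -> {'allowed' if is_safe_url(candidate, stub_resolver) else 'blocked'}")
```

Two points a practitioner would add around this check: it must be re-applied to every redirect hop, since a public host can 302 to an internal one, and a resolve-then-connect sequence is still exposed to DNS rebinding, so the fetcher should connect to the address that was validated (pin it) rather than resolve the name a second time.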

Added: Mar 30, 2026, 4:30 PM
Updated: Mar 30, 2026, 4:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.4
remediation: 0.0
relevance: 4.9
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.